Articles Posted inEmployment Issues

On May 21, 2013, Washington’s governor signed a new law protecting employee social networking accounts.

The new law, which goes into effect on July 28, 2013, prevents employers from requesting, requiring or coercing an employee or applicant to disclose login information for the employee’s personal social networking account. Employers also may not ask employees to access such accounts in the employer’s presence; add the employer to the employee’s contacts; or alter third party access settings. Work-related accounts and devices paid for or supplied by the employer are exempt.

If an employer inadvertently receives login information, it is not liable for possessing the information but may not use it to access the employee’s account.

Importantly, employers may still:

Comply with the requirements of state or federal law;

Conduct investigations to comply with laws against work-related employee misconduct based on receiving information about the employee’s activity; and

Conduct investigations based on receiving information about the unauthorized transfer of proprietary or confidential information or financial data.

The law creates a private cause of action for employees and applicants. Prevailing plaintiffs may be awarded equitable relief, actual damages, a $500 penalty, and reasonable attorneys’ fees and costs. However, a court may also award reasonable expenses and attorneys’ fees to a prevailing defendant if the judge determines that the action was frivolous and without reasonable cause.

Washington joins Maryland, Illinois, California, Michigan, Utah, Arkansas, and Colorado in enacting such laws. New Mexico has enacted similar legislation, but it prohibits access only to the accounts of prospective employees.

On May 20, 2013, the New Jersey Assembly passed – by a vote of 77 to 0 – a revised bill barring employers from seeking access to employees’ social media accounts.

The bill incorporates changes suggested by Governor Chris Christie, including the elimination of a private cause of action. Instead, the law will be enforced by the New Jersey Commissioner of Labor and Workforce Development. Employers would be subject to a maximum civil penalty of $1,000 for the first violation and $2,500 for each subsequent violation.

Under the proposed law, employers may not request or require a current or prospective employee to provide a user name, password, or any other form of access to a personal social networking account. The law applies only to purely personal accounts; the law does not apply to accounts used for business purposes or policies regarding employer-issued devices.

The revised bill now awaits passage by the state Senate, where the prior version of the bill passed with a vote of 38-0.

PhoneDog LLC filed a lawsuit last July against a now former employee,
Noah Kravitz. PhoneDog, which reviews mobile devices, including phones and tablets, is claiming ownership of Kravitz’s Twitter followers. They claim he owes them $340,000 based on an assumed value of $2.50 per follower per month.

The dispute arose when Kravitz resigned and allegedly changed his Twitter name from PhoneDog_Noah to noahkravitz, to keep the 17,000 followers that he built up since 2006 when he started with the company. The company is alleging that the followers should be treated like a customer list, and therefore PhoneDog’s property. The fact that Mr. Kravitz used the company name in his Twitter handle likely will not help him. However, the company probably could have done more to ensure that they owned the account and followers.The outcome of this case will likely be based on the specific facts here.

But regardless of the outcome, companies should take away a very important lesson from this case. The lesson is that it is critical to address employee social media issues. Lawsuits and their costs and uncertain outcomes can be avoided by having well thought out and clear policies and agreements with employees who use social media in connection with company activities. Don’t wait until an issue like this is upon you to focus on a social media policy.

Companies that do not have a social media policy need to fix that as soon as possible. Those that have cobbled one together but without expert advice, need to have the policies reviewed to plug the holes. In short, all companies using social media would benefit from spending a little time having their social media policies and agreements reviewed by an attorney who spends time everyday on social media issues.

The U.S. District Court for the Northern District of
Illinois has held that a company’s alleged use of an employee’s Facebook and Twitter
pages without her permission to post marketing messages that looked like they
were written by the employee may be liable under the Illinois Right to Publicity
Act and the Lanham Act for false endorsement.

In this case, the employee, Jill Maremont, worked for an
interior design firm in Chicago. As part of her job, Maremont created a
work-related blog that was hosted on her employer’s website. She also frequently
posted to both her Facebook page and Twitter, which both included her picture
and were, according to her, personal accounts.

In September 2009, Maremont was in an automobile accident
and was seriously injured. During Maremont’s convalescence, her employer posted
company messages to Maremont’s Facebook page and Twitter account, writing posts
that claimed to be from Maremont.

When Maremont found out about the substitute posts, she
asked her employer to stop because, among other things, it made it seem like she
was already back and work and her injuries were less severe than they actually
were. However, the posts allegedly continued until Maremont changed the
passwords to her Facebook and Twitter accounts.

The court held that those allegations were sufficient to
proceed under the theories of false endorsement and breaches of her right to
publicity. However, the court dismissed the plaintiff’s common law
misappropriation of likeness claim, noting that the tort was replaced by the
state’s Right to Publicity Act, and rejected the plaintiff’s unreasonable
intrusion upon seclusion claim.

This case deals with
something employers should deal with in their social media policy – personal
social media accounts. Like most other issues regarding social media, how a
given employer deals with a given question depends a lot on the employer, its
industry and its culture. Some businesses prohibit employees from having
personal work-related social media accounts, while some encourage it. Consider
what the right position is for your business, discuss it with your employees who
are active in social media, and document the decision in your social media
policy.

According to a recent study by OpenDNS,
Facebook is both the most widely blocked site in enterprises today and the second most widely allowed site in enterprises today. The study goes on to report that more than 14 percent of all enterprises that block websites on their networks choose to block Facebook, and MySpace and YouTube round out the top three most commonly blocked websites for business users.

The OpenDNS findings are consistent with those reported in ProofPoint’s 7th Annual Survey on Outbound Messaging and Content Security, which broke the blocking statistics down by company size:

And there’s a good reason for companies to be blocking that access. According to the ProofPoint report, in 2010:

First, have a social media policy. Talk to employees and solicit ideas for the corporate social media policy. You want to encourage all personnel to think and act like an official company spokesperson, but make sure they know they are not an official company spokesperson and cannot claim to be. The company should designate social media representatives and give them limitations what they are and aren’t supposed to do.

Identify off-limit subjects ahead of time and share that with your company’s social media representatives. Employee training and communication are key to compliance.

Second, have a monitoring policy. From a company perspective, the policy should state that all use of company-provided equipment or services can be monitored, but limit searches of communications/devices to where there is suspicion of misconduct, and limit those searches so that they are consistent with the purpose of the investigation.

Third, make disciplinary consequences clear in your policies, and be consistent in application of the policies. Turning a blind eye to executive violations of the policies, or applying different disciplinary consequences to executives who violate policies can undercut both the company’s moral authority in the eyes of the employees who are subject to those policies and the company’s legal ability to enforce those policies.